A Guide to Public Wifi Security Risks
& How to Use it Safely

Our connection to the internet has had a huge impact on how we operate as a global society. It’s drawn the world closer together, and made it easier than ever to research, absorb and relay information at the click of a button. There are hundreds of fantastic things we can thank the World Wide Web for. But, sadly, that doesn’t mean it isn’t without fault. There’ll always be people who try to exploit the naivety or recklessness of others. That sad state of affairs extends to cyberspace. Criminals will often try to intercept sensitive data over wifi networks – and there’s no better place to try that than on (often unguarded) public servers. But don’t worry, there are ways to combat this. This guide will run you through everything you need to know about how these cybercriminals operate, and provide you with effective ways of preventing and countering an attack.

This information is shared courtesy of SurfShark.


A brief history of public wifi

It’s hard to imagine a world without readily available internet. In 2020, we know we can just step outside and access the net without a second thought. It hasn’t always been that way.

Whether it’s on our laptop at a local coffee house, or using our phones on cellular-specific networks, things have come a long way in the past couple of decades.

 The evolution of public wifi

While we associate the use of the internet with the 21st century, wifi actually has its origins in the end of the previous millenium.

The original form of wireless internet, IEEE 802.11-1997, was (unsurprisingly, given the name) introduced in 1997. It was designed to provide connectivity to automatic machinery and stations that required speedy and immediate deployment (such as on military bases).

Owing to the capabilities of the technology, the Wi-Fi alliance was quickly formed as a means of copyrighting the trademark under which wireless products were sold.

Apple were unsurprisingly one of the first companies to spring to action. They began selling iBooks, which were some of the first pieces of commercial hardware to possess internet connectivity options.

The wireless revolution would grip the world in 2000, with more people accessing the internet remotely than by traditional analogue methods.

This trend would soon see institutions like coffee shops, schools and other public spaces purchasing their own wifi hubs, with the intention of allowing customers, students or other users to gain access round the clock.

By the end of 2010, there were over one million wireless networks spread around the world. It’s now the expected norm when you walk into a coffee shop to be able to connect to a dedicated wireless network.

What was once a niche experiment has transformed into an integral part of how we live our lives.


 Landmarks in the timeline of wifi

There have been a number of huge developments in the world of wifi since it first came into being. Here are some of the most notable landmarks.

Source: Fon.com

1999

The term “wifi” is officially coined. It’s still debated to this day whether the word stood for “wireless fidelity” or has no secondary meaning.

2002

Operators around the world begin to offer wifi with cable connectivity all around the world.

2005

The word “wifi” gets added as a term to the Merriam-Webster English dictionary.

2007

Smartphones have become widely available on the market. Wifi is becoming increasingly popular, prompting manufacturers to develop more devices integrated with the technology.

2009

More than 600 million wifi devices are sold worldwide at this point.

2011

3 million users are sharing wifi at home with FON (the world’s first global wifi network). 1.2 billion devices have been sold.

2012

Wifi can now be found in as many as 25% of all homes across the world.


The security risk of using public wifi

The ease of connecting to public wifi means millions of people are putting themselves in a position which could see them at risk on a daily basis.

While it would be wrong to panic or avoid using a public connection altogether, it’s worth understanding the potential risks. Let’s take a closer look at how and why you might be targeted, as well as common mistakes which people make when using a more open network.

 How could I be targeted?

There are a series of tactics which cybercriminals employ to intercept and exploit your data. Several different methods are used by cyber criminals to try and get their unwanted hands on your information.

Man-in-the-middle attacks

This is undoubtedly the most common form of attack over public wifi. As the name suggests, hackers intercept data packages as they travel between users, preying on this vital information when it’s most vulnerable and unprotected.

Connections without mutual authentication protocols at both ends are those most susceptible to this kind of attack. This type of targeting is also referred to as “eavesdropping”, owing to the way in which hackers are waiting patiently and listening out for snippets of data to be transmitted.

Rogue spots

These are particularly devilish, as they purposefully mirror or copycat an existing network. They’ll often be set up by scammers near to local businesses who offer wifi, hoping someone accidentally connects to them instead of the legitimate network.

Any information you enter on this kind of network will become susceptible to interception from the person who set it up. If you’re worried about joining a fake connection, make sure to ask the establishment you’re in what their network name and password is.

Packet analyzers

Packet analyzers, or “sniffers”, are not always used in a malicious way. They’re sometimes just a means of monitoring traffic, or testing if a system can handle an error if one is randomly introduced.

However, the prying nature of these analyzers can also become dangerous tools in the hands of cyber criminals. By their very nature, packet analyzers are designed to collect data and contact information. In the hands of a hacker, this can be disastrous.

Worms

Just as unpleasant as the name suggests, worms are effectively the more fluid cousin of a traditional computer virus. They don’t need a program to attach to like a traditional computer bug. Instead, they travel through networks and across computers, collecting vital data.

After they’ve absorbed as much information as possible, they transfer back to the host network (the hacker’s). A worm can travel across any network it’s connected to.

Mishandled wifi setup

Despite the expanded knowledge we have as a society about the risks of online attacks, sometimes a lazier approach can be adopted during system setup. Simple mistakes like keeping the default password and username on a router, for example, make it very easy for someone to gain access to the network.

These are some of the most common ways in which a user will be targeted. But what happens with the data once it’s been illegally collected?

 
  What information is being taken?

Hackers are looking for a variety of personal contact information when they take your data. Some of the most common forms of information they’ll look to exploit includes:

  • Your full name.
  • Your date of birth.
  • Your email address.
  • Your home address.
  • Your telephone number.
  • Bank details.
  • Medical information.
  • Insurance details and information.

Some of this information might not sound like it could be that damaging. After all, what can a criminal do just by knowing your name?

Sadly, it’s often the case a cyber criminal will get their hands on more than one of these pieces of data at a time. Using them, they’ll be able to exploit a number of tricks to use your information to their own advantage.

 What can a cyber criminal do with my data?

Unfortunately, online criminals are experts at taking your sensitive information and using it to benefit themselves. Here are just some of the ways they’ll do that.

Personally identifiable information

This is the slightly fancy name given to all the data which relates to contacting you. That means stuff like your name, address or phone number.

It’s probably the most versatile form of data which can be intercepted by a hacker. Some of the most common forms of attack see a criminal apply for loans or credit cards in a victim’s name, or filing fraudulent tax returns. Less serious (albeit still very annoying) attacks occur when this personal information is sold to spammy marketing firms.

Financial information

This constitutes stuff like your banking and billing information. Using your account details, a hacker can pay bills with your money, buy things online fraudulently, or even directly transfer funds from your account to theirs.

In very extreme cases, your card details may even be used to create counterfeit cards. While this is extreme, it has been known to happen.

Healthcare information

This is stuff like hospital records and medical insurance information. As well as giving access to a series of very personal snippets of data, gaining access to these also allows a criminal to order a fake subscription in your name. This can be particularly damaging if they start to regularly buy drugs over the counter in your name, for example.

Educational information

This largely applies to aspects like your school records. This won’t open you up to the same kind of attack you’d expect if your financial information was stripped. But you could find yourself the victim of blackmailing if you don’t want this personal information to be leaked.

User ID

In this instance, someone might adopt your persona to pretend to be you online. This identity theft could result in any number of fraudulent activities. As email details or passwords are often all that’s needed to confirm who you are, having these vital snippets of data stolen could be disastrous.

 
Common mistakes people make

Sometimes there really is nothing you can do to stop someone gaining access to your personal information. But these cases are somewhat rare. Often, you’ll have a large level of control over how much access someone can gain to your data.

Unfortunately, a lot of people are simply unaware of some of the ways they’re putting themselves at risk. Some of the most common problems to avoid include things like:

Doing online banking

This should be an immediate red flag if you’re someone who’s worried about your finances being tampered with. While most banks operate out of a secure, encrypted network, that doesn’t stop a hacker from intercepting data you’re sending from the wifi before it reaches the bank.

Assess the security of a website

When you land on a website, check to make sure the URL begins with HTTPS and not just HTTP. That means any data you enter on the site should be protected. This is only really a factor if you’re entering login details.

Connecting to unfamiliar networks

If a network doesn’t look like one you’ve seen before, or appears in any way shady, don’t trust it. Make sure you only ever connect with a system which you can 100% verify as a genuine wifi network.

Installing software

If you’re prompted to do an update on your computer while out and about, just don’t. While there’s a good chance this is a harmless installation, there’s also the possibility it could be a malicious attempt to download malware onto your computer.

As we’ve discussed, hackers will set up fake hotspots with the express intent of tricking you into thinking they’re legitimate. They can send fake push alerts telling you that you need to update your software, and hide the virus within the downloads.


Protecting your data when using public wifi

We’ve looked at the potential dangers which lurk in the world of public wifi usage. But what actionable steps can you take to make sure you’re doing all you can to keep your data safe?

 Understanding when websites are and aren’t encrypted

When a website is encrypted, it means the data being stored on there is protected. But how do you know the site you’re on is safe? Thankfully, there are a few handy tips for telling the difference between a web page which is and isn’t protected.

The all-important ‘S’

We’ve already discussed this, but it’s crucial you see the code HTTPS and not just HTTP in a site’s URL. This is a sign that it has an SSL certificate, showing it’s a safe website to use.

Trust seals

As the name suggests, these act as signals to a user that a website has done everything it can to protect your information. They’re often signified via an icon like a padlock or a shield.

Check the privacy policy

We’ve already discussed this, but it’s crucial you see the code HTTPS and not just HTTP in a site’s URL. This is a sign that it has an SSL certificate, showing it’s a safe website to use.

Look for signs of malware

It’s actually easier to spot potential signs of malware than you might imagine. Some of the biggest telltale signs include things like:

Defacement

Where criminals replace the logo or banner of a website with their own image.

SEO spam

Are there any links to other websites which just don’t look right? If something has been added unnaturally, there’s a chance it could lead you through to a dangerous link.

Pop-ups

If you’re seeing lots of spammy images popping up and appearing in front of your screen, there’s a chance malware is trying to use these as an avenue to attack you.

Phishing kits

These are websites which look similar to genuine websites, but are actually just imitations. Stuff like odd URLs or spelling errors often give these away.

Ultimately, if something doesn’t feel right, get off the website.

 
Tips for protecting your data when browsing on a laptop

Knowing what to look out for is really handy, but it’s even more useful to know what you can actively do to prevent the threat of an attack.

Try not to file share

Make sure your settings are such that nobody can AirDrop anything to your computer. This is an easy way for cybercriminals to send a virus directly to your PC. To make this as private as possible, go to “Finder>AirDrop>Allow me to be discovered by: No One”.

Don’t give away too much information

It probably goes without saying, but you need to be careful with what you’re sharing online. That also means while you’re signing onto the wifi itself. If it asks you for personal details like your email or phone number, it’s best to steer clear.

Install a security app

Just as you would run a firewall on your computer to protect against viruses, there are apps available to protect your phone. These work in the same way as traditional antivirus software.

Set up remote wipe

Worried your phone might have fallen victim to an attack? You can actually wipe it remotely to delete any sensitive data you’re worried might fall into the wrong hands. Make sure to only do this if you’re really panicking, though. It might be hard to recover the data once it’s been wiped.

 Tips for protecting your data when browsing on mobile

While phones are basically “mini computers”, they’re a totally different beast to laptops. That means you’ll have to take different precautions when it comes to using a smartphone.

Some of the best tactics you can employ are things like:

Only using the app store

If your phone allows you to install apps outside of the app store, don’t. The store is specifically designed to test every app which is available, for malware. Don’t run the risk of downloading an app elsewhere just because it’s free.

Limit your apps

When you install a new app you’ll often be asked how much access you want to give it to your personal information. In some instances, you may have to let the app access your photos or location. But make sure you don’t blindly give permission for it to read all of your personal details.

Always read terms and conditions

Just as you would run a firewall on your computer to protect against viruses, there are apps available to protect your phone. These work in the same way as traditional antivirus software.

Always keep your software updated

While some computers, like Macs, have a built-in system which will keep your computer protected, you still need to keep your software as up-to-date as possible. As we’ve already discussed, it’s best to do these updates at home in the safety of your own, trusted connection.


Using a VPN to protect your data

We’ve covered a lot of ways to protect yourself, but arguably the most effective is employing the use of a virtual private network (VPN). Let’s discover how a VPN works, as well as what it does to ensure your data is protected at all times.

 What is a VPN?

In short, a VPN is a cloaking tool, which provides you with a private network on a public internet connection. A VPN will hide your internet protocol (IP) address, and offer an encrypted service which theoretically keeps your data protected.

But it’s not just your IP which is masked. You’ll also be able to search knowing that nobody can view your history. That means you’ll be far less likely to be targeted for remarketing campaigns – where companies send you advertisements for products you’ve previously searched in the past.

It’s the anonymity and encryption of a VPN which make it so valuable on a public network connection. Your data and confidentiality are both protected by the same system, which is why a lot of people turn to these private networks.

 How does a VPN protect you?

We’ve already alluded to some of the benefits you’ll experience when using a VPN. There are loads of reasons why you should elect to incorporate one into your regular browsing routine.

IP address and location

Your IP address is effectively a tracking device, which allows someone to work out where you are when you searched for something.

With a VPN, your search history can’t be gathered, viewed or sold to advertising companies. The only people who’ll be able to see your search history are the owners of the device you’re browsing on (for example a school or workplace).

Streaming

When you travel to another country or region, there’s a chance you won’t be able to access the same streaming platforms normally available to you. If you’re desperate to watch a certain show or event, there’s a possibility you could be convinced to turn to dangerous streaming sites.

With a VPN, the risk is eliminated. You can change the location of your IP address so that it corresponds with where you are. That means the streaming service will be back up and running as normal, without you needing to turn to a dodgy site.

Your devices

A VPN will work across any device which logs on to a public wifi connection. That means you’ll receive a comprehensive level of protection, regardless of what device you’re accessing the internet from. Smartphones, tablets, laptops and even fitbits can all connect without risk.


The vulnerabilities of using a VPN

While VPNs are a fantastic way of staying protected, sometimes weaker systems will fall victim to basic mistakes. Here are some of the ways a poor VPN can be exploited.

Weak security protocol

Not all VPNs are created equal. Some have a weaker security protocol, meaning they won’t offer the same level of protection. That’s either because they’re not as efficient at picking up on a potential risk, or bad at dealing with a problem when they identify one.

Single layer protection

Some networks only mask your identity using the one layer of protection protocol. Even if this is a strong layer in itself, it does mean you’re completely exposed if it’s cracked. Having multiple layers in place means you have more than just the one line of defence should you be attacked.

Exploitation

Arguably the biggest threat facing VPNs is the ability of hackers to retrieve what the VPN deems as “arbitrary files”. In some cases, the information found in these files is detailed enough to connect to the private network, granting someone the chance to change configuration settings. At this point, they’ll run a secondary exploit, targeted at gaining access to a root shell.

Make sure when you’re choosing a VPN that your provider is taking all of these factors into account. If you’re unsure, get in contact directly.